The ZZIPlib provides read access on ZIP-archives and unpacked data. It features an additional simplified API following the standard POSIX API for file access.
Invalid memory address dereference in zzip_disk_fread (in zzip/mmapped.c:721) [CVE-2018-7725] #39
Hi, this is an issue about zziplib v0.13.68. It crashed in the function zzip_disk_fread. The details are below (ASAN):
./unzzip-mem 001-null-p
ASAN:SIGSEGV
=================================================================
==12462==ERROR: AddressSanitizer: SEGV on unknown address 0x7ffff7fec000 (pc 0x7ffff5d450bd bp 0x62400001e100 sp 0x7fffffffdd40 T0)
#0 0x7ffff5d450bc in inflate (/usr/local/lib/libz.so.1+0xb0bc)
#1 0x7ffff6c65054 in zzip_disk_fread ../../zzip/mmapped.c:721
#2 0x7ffff6c67156 in zzip_mem_disk_fread ../../zzip/memdisk.c:551
#3 0x401696 in unzzip_mem_disk_cat_file ../../bins/unzzipcat-mem.c:52
#4 0x401ae8 in unzzip_cat ../../bins/unzzipcat-mem.c:122
#5 0x401f08 in unzzip_extract ../../bins/unzzipcat-mem.c:170
#6 0x4013e3 in main ../../bins/unzzip.c:74
#7 0x7ffff68b682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#8 0x400fa8 in _start (/usr/local/zzip-asan/bin/unzzip-mem+0x400fa8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 inflate
==12462==ABORTING
POC FILE: https://github.com/fantasy7082/image_test/blob/master/003-unknow-def-zip